
Thread: Serious Offshore Attacks from China

  1. #51 Andy90 (Member, Join Date Nov 2007, Posts 220)

    I appreciate the post, but if I am to do this I will be building an independent Smoothwall. The firewall and wifi on the first point (ADSL modem) will be disabled, and AFAIK this will be similar to what you have described?

    I don't expect to find much, to be honest; it's a home network. But I will not be setting it up to catch people, more to understand it all (as much as possible), so that when people at work bring up things like this I can join in and learn from them instead of it being water off a duck's back. This is the problem I have: there are two areas where I work, the geeks and the service desk, and to jump is very difficult; there is no middle ground. I learn by playing (like most people, I know), which is why I put in lots of hours at home out of my depth, just learning (much in the same way I got into Linux on my own, virtual machines, BackTrack (albeit with the odd pointer from a friend) etc). Also, this is the kind of work that my council is starting to seriously concentrate on (becoming ISO 27001 compliant), and this is my chance to shine.

    This is why I'm up for it. However, I do much respect your opinion, and if you think it's a waste and my time is better spent in other areas I will happily accept your advice.

    (Just read back and this sounds like a rant, sorry, it's not meant to be, just... yeah, I'm doing that thing again where I'm going to start digging, someone take the spade off me :s)
    wtf?

  2. #52 streaker69 (Senior Member, Join Date Jan 2010, Location Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts 3,535)

    Quote Originally Posted by Andy90:
    I appreciate the post, but if I am to do this I will be building an independent Smoothwall. The firewall and wifi on the first point (ADSL modem) will be disabled, and AFAIK this will be similar to what you have described?

    I don't expect to find much, to be honest; it's a home network. But I will not be setting it up to catch people, more to understand it all (as much as possible), so that when people at work bring up things like this I can join in and learn from them instead of it being water off a duck's back. This is the problem I have: there are two areas where I work, the geeks and the service desk, and to jump is very difficult; there is no middle ground. I learn by playing (like most people, I know), which is why I put in lots of hours at home out of my depth, just learning (much in the same way I got into Linux on my own, virtual machines, BackTrack (albeit with the odd pointer from a friend) etc). Also, this is the kind of work that my council is starting to seriously concentrate on (becoming ISO 27001 compliant), and this is my chance to shine.

    This is why I'm up for it. However, I do much respect your opinion, and if you think it's a waste and my time is better spent in other areas I will happily accept your advice.

    (Just read back and this sounds like a rant, sorry, it's not meant to be, just... yeah, I'm doing that thing again where I'm going to start digging, someone take the spade off me :s)
    No problem, I understand that you're trying to learn. That's why I wanted to clarify my particular setup and that drawing. I didn't mean to imply it won't work for a home setup, it's just you'd need to do things a little differently than a standard home setup where you have a DSL Router/AP unit.

    My setup at home is like this.

    Cable Modem --> Firewall --> Switch --> AP's, Servers,Printers, Workstations

    So I could do something similar at home without much fuss, but most home setups are like this:

    Cable/DSL Modem --> Workstations

    Where everything is built into that one unit thus making the project a little more difficult.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #53 Andy90 (Member, Join Date Nov 2007, Posts 220)

    Well, at the moment I have the normal home setup, but I also have a spare mobo+CPU pair (with all the bits) which will become the Smoothwall. I have a hub somewhere I never got around to putting in the bin, I am willing to buy an AP to complement the router, and finally a 16-port Netgear mountable switch to put in my room.

    Hoping maybe just 20 quid for a spare case and another network cable or two and I may get it set up. TBH I can also see me spending 3 weeks getting it working, a couple of weeks studying and learning, and then disassembling it all, but hey, job done.

    Also I would like to do some monitoring, as in this house (shared between five friends) there are 7 PCs, 4 laptops, half a dozen VMs (domain controller, vulnerable XP, Ubuntu, DSL and a few others) etc, so hopefully there will be something worth studying.

  4. #54 The_Denv (Member, Join Date Nov 2006, Posts 364)

    Quote Originally Posted by streaker69:
    Let me explain something and hopefully this clears up some confusion. I think a couple of you are trying to apply that diagram to a home based network, which that is not. I have that here in my office, yes, we use DSL, don't really have much of a choice.

    The DSL router that I have is not a standard home based (SOHO) router, it's a Cisco 827, running the real Cisco IOS. Behind that I have a hardware firewall, basically a 'netpliance device, again, not my choice, it was here when I got here. So in my configuration, the LAN port of my Router runs to the WAN port of my firewall and the LAN port of my firewall runs to my LAN Switch. In between the Router and the Firewall I can either place the passive TAP or I can place a dumb hub, or I could place a Managed Switch that allows for Port Mirroring. In this case at the moment, I'm using a Hub, long story why I'm not using my passive Tap.

    The reason I'm able to see all the attacks that I do is because the DSL router passes all traffic to my firewall, which it then does a stateful packet inspection and passes what's allowed to the inside. The Snort box does nothing but log the traffic, as I have it running in IDS mode and not IPS mode.

    For you guys trying to replicate this at home, you'd need a router on the outside that does the same thing. Your standard out of the box cable modem (where all it is, is a cable modem) does this. It just passes the packets, good or bad, to whatever is connected behind it.

    That is the kind of setup you're looking for, where the first device in line is not doing anything but routing traffic from WAN to LAN. You'd then have a second device running as your firewall to your LAN. Your Snort sensor NIC box goes in the DMZ (between router and firewall). Your other Snort NIC is wired to the other side of your LAN so that you can access BASE and monitor the attacks.

    It is very important that you NEVER bind an IP address to your sensor NIC. When you do that, it can be detected from the outside, and someone might decide to attack it instead.

    My setup at home is like this.

    Cable Modem --> Firewall --> Switch --> AP's, Servers,Printers, Workstations

    So I could do something similar at home without much fuss, but most home setups are like this:

    Cable/DSL Modem --> Workstations

    Where everything is built into that one unit thus making the project a little more difficult.
    streaker69, this is a fantastic explanation of the exact network I have been wanting to set up these past 9 years [since I was 13; never got around to doing it due to... well, life in general and all its pleasures]. This is perfect, streaker, a very nice and interesting read too. I have actually copied what you said and saved it in a text file.

    How long have you been involved in networking, what was the first network you setup?

    When I was 13-14 I had 5 stations in one room, 4 running Win98 and a server running Red Hat. They were all office scrap I was given over time, all yellow due to nicotine stains from staff smoking in the office lol. 750MHz, 133MHz x3 and the lowest was 75Hz.. bluelight processor I think. Well, they were running off a standard 10/100 Ethernet hub [8 Ethernet ports] with a TNC port [which I never used] and no internet connection or router/switch. From the age of 13-18 years old I only had an internet connection twice, each for a duration of 6 months on a dial-up modem, as British Telecom's rates were above my pocket money range... ended up learning more about LANs and phone phreaking than I thought, due to no internet connection for nearly 5 years; it made me go to the library more and get books. To this day I've forgotten to bring them back, and the library is closed down now, which is evil, but heh; I honestly kept forgetting to bring them back.

    I also noticed that I just had a rant myself. streaker, I take it the real Cisco IOS is worth using? It says at Cisco.com that IOS software basically has more security features and seems less expensive to run [concerning electricity], which is perfect for my needs. My network setup is just the average PPPoA/DSL => Router/AP => Workstations. So, as you stated above, I would have to change it a bit. Can't wait for wage-slip day... it shall be a field trip.

    Excluding security, I basically want to see the very blood/DNA of the packets coming in and out to understand a LOT more about networking: the I/O of packets, switches, Snort boxes, data analysing boxes [BASE], dedicated firewalls. This exact setup is the path to my Network of Eden. For me this shall be a lot of fun; thanks again for that network map, for some reason everything is clearer now.
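The quoted setup has the Snort sensor sniffing on a NIC in the DMZ with no IP address bound, while a second NIC on the LAN side carries the BASE console. The script below is an added example, not code from this thread, from Snort or from Smoothwall: it audits a Linux sensor box for exactly that state by parsing the one-record-per-line output of iproute2's `ip -o link` and `ip -o addr`. The interface names eth0 (management) and eth1 (sensor), and the sample command output it ships with, are assumptions constructed for the example.

```python
"""
Audit an IDS sensor box: the sniffing NIC must be 'dark' (no IPv4/IPv6
address bound, promiscuous mode on, link up) and the management NIC must
have an address for console/BASE access.

Input is the output of `ip -o link show` and `ip -o addr show` (iproute2,
one record per line, continuation joined with a backslash).
"""
import re
import subprocess

# Constructed sample of `ip -o link show` for a two-NIC sensor (assumed names).
SAMPLE_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample of `ip -o addr show` for the same box: eth1 has no address at all.
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::ff:fe00:1/64 scope link \\       valid_lft forever preferred_lft forever
"""

# "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> ..." -> name and the flag list.
LINK_RE = re.compile(r"^\d+:\s+([^:@]+)[^<]*<([^>]*)>")
# "2: eth0    inet 192.0.2.10/24 ..." -> name, family, address/prefix.
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+(inet6?)\s+(\S+)")


def parse_links(text):
    """Map interface name -> set of link flags (UP, PROMISC, ...)."""
    flags = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            flags[m.group(1)] = set(m.group(2).split(","))
    return flags


def parse_addrs(text):
    """Map interface name -> list of bound addresses (v4 and v6, with prefix)."""
    addrs = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            addrs.setdefault(m.group(1), []).append(m.group(3))
    return addrs


def audit_sensor(link_text, addr_text, sensor_if, mgmt_if):
    """Return a list of findings; an empty list means the sensor NIC is dark."""
    flags = parse_links(link_text)
    addrs = parse_addrs(addr_text)
    if sensor_if not in flags:
        return [f"{sensor_if}: interface not present"]
    findings = []
    bound = addrs.get(sensor_if, [])
    if bound:
        # Any address, including an auto-assigned IPv6 link-local, makes the NIC answer.
        findings.append(f"{sensor_if}: address bound ({', '.join(bound)}); sensor NIC must have no IP")
    if "PROMISC" not in flags[sensor_if]:
        findings.append(f"{sensor_if}: promiscuous mode off; sniffer will miss traffic not addressed to it")
    if "UP" not in flags[sensor_if]:
        findings.append(f"{sensor_if}: link is down")
    if not addrs.get(mgmt_if):
        findings.append(f"{mgmt_if}: no address; BASE/console access needs one on the LAN side")
    return findings


def audit_live(sensor_if="eth1", mgmt_if="eth0"):
    """Run the same audit against the real host (needs iproute2 on PATH)."""
    link = subprocess.run(["ip", "-o", "link", "show"], capture_output=True, text=True, check=True).stdout
    addr = subprocess.run(["ip", "-o", "addr", "show"], capture_output=True, text=True, check=True).stdout
    return audit_sensor(link, addr, sensor_if, mgmt_if)


if __name__ == "__main__":
    for finding in audit_sensor(SAMPLE_LINK, SAMPLE_ADDR, "eth1", "eth0") or ["eth1 is dark: OK"]:
        print(finding)
```

The IPv6 check matters in practice: a Linux interface brought up with no IPv4 address still gets a link-local fe80:: address and will answer neighbour discovery on it unless `net.ipv6.conf.<if>.disable_ipv6` is set, so a sensor NIC that looks unconfigured can still be visible on its segment. Run `audit_live()` from cron or a login script to catch a NIC that has drifted from the dark state.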

  5. #55 streaker69 (Senior Member, Join Date Jan 2010, Location Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts 3,535)

    The first network setup that I had at home was a 10b2 network using coax, running IPX/SPX since I had a Novell server to play with. I had four machines on that network. A friend used to stop over and we'd play some of the very early network games. The original version of GTA was networkable, as was Escape from Castle Wolfenstein, which I had also played on Apple ][e's in high school before the original x86 was released.

  6. #56 The_Denv (Member, Join Date Nov 2006, Posts 364)

    Quote Originally Posted by streaker69:
    The first network setup that I had at home was a 10b2 network using coax, running IPX/SPX since I had a Novell server to play with. I had four machines on that network. A friend used to stop over and we'd play some of the very early network games. The original version of GTA was networkable, as was Escape from Castle Wolfenstein, which I had also played on Apple ][e's in high school before the original x86 was released.
    Nice one, that sounds like a small version of my high school's old computer network, along with a few IBMs and an OS called Archimedes which was all based on maths learning for the pupils. Funny you mention Escape from Castle Wolfenstein; they had that running on an old Apple Mac. Bad thing was that only one computer had it installed, and at that point I didn't know anything about computer security.

    In the UK we enter high school at the age of 11, just thought I'd say that in case of a mix-up.

  7. #57 The_Denv (Member, Join Date Nov 2006, Posts 364)

    You seriously want to read this news article:

    China has Penetrated key U.S. Databases: SANS Director.

    Something is seriously going on. As I said, they are scanning British Telecom's IP range as we speak; I just looked at Wireshark [no funds for the BASE box yet] and they are still coming in. I will phone my friend tomorrow and get him to check his side of the city [he is also on BT].

    Between this and all the data going missing over here, I'm starting to get paranoid!

  8. #58 streaker69 (Senior Member, Join Date Jan 2010, Location Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts 3,535)

    Quote Originally Posted by The_Denv:
    You seriously want to read this news article:

    China has Penetrated key U.S. Databases: SANS Director.

    Something is seriously going on. As I said, they are scanning British Telecom's IP range as we speak; I just looked at Wireshark [no funds for the BASE box yet] and they are still coming in. I will phone my friend tomorrow and get him to check his side of the city [he is also on BT].

    Between this and all the data going missing over here, I'm starting to get paranoid!
    Yeah, I've discussed that at length with a friend of mine, and I have a collection of articles related to hacks on SCADA networks. You'll find they all have something in common, there was someone on the inside.

  9. #59 The_Denv (Member, Join Date Nov 2006, Posts 364)

    Quote Originally Posted by streaker69:
    Yeah, I've discussed that at length with a friend of mine, and I have a collection of articles related to hacks on SCADA networks. You'll find they all have something in common, there was someone on the inside.
    It's amazing the amount of data there is publicly available on SAS/SCADA networks. I just typed 'SCADA hack' into Google and a few PDF files came up with some good info.

    Something is going on in China, something big...our prime minister is over there at the minute discussing environmental issues, or so the press says. Also, back in September; France blame China on hack attack:
    France Blames China on Hack Attack.

    I am only awake, but I'm going to be reading more articles on China and its 40,000 caged-in hack slaves that have been attacking the entire planet electronically. There is a hidden war going on, and it's obvious that nobody is doing anything about it. Although I read in an article that the US Government are thinking of letting only 50 connections in the country have access outside the country, and that these 50 connection points will be heavily guarded by CIA network security officers... all due to the Chinese.

    I think we are witnessing the beginning of a potential war, a real war.

  10. #60 streaker69 (Senior Member, Join Date Jan 2010, Location Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA, Posts 3,535)

    Quote Originally Posted by The_Denv:
    It's amazing the amount of data there is publicly available on SAS/SCADA networks. I just typed 'SCADA hack' into Google and a few PDF files came up with some good info.

    Something is going on in China, something big... our prime minister is over there at the minute discussing environmental issues, or so the press says. Also, back in September, France blamed China on a hack attack:
    France Blames China on Hack Attack.

    I am only awake, but I'm going to be reading more articles on China and its 40,000 caged-in hack slaves that have been attacking the entire planet electronically. There is a hidden war going on, and it's obvious that nobody is doing anything about it. Although I read in an article that the US Government are thinking of letting only 50 connections in the country have access outside the country, and that these 50 connection points will be heavily guarded by CIA network security officers... all due to the Chinese.
    Don't be so sure that nobody is doing anything about it. I'm quite sure that our intelligence agencies are quite busy attempting to stop it. But they can't capture everything, as their hands are tied in many cases.

    The biggest problem in relation to infrastructure is for years there's been no standards on implementation in regards to security except for the Nuclear Power industry. Utilities only now are trying to play catch up, and it's going to take some time to get things implemented correctly.

    Most SCADA Security measures are parallel to just good computing practices. Protect your borders, strong passwords, no default configurations etc...